Theo's Typesafe CultTTC
Theo's Typesafe Cult2y ago
cupofcrypto

Auth.js v5 issue with UntrustedHost

Hi all, I have hard times figuring out this issue.

I am working on a Next.js 14 + Auth.js v5 project where I need to handle the login via a custom external REST API server built in Nest.js

As far as I can see everything works quite nicely. I am able to login via the external server, store the access and refresh tokens in the session but I would like to use middleware.ts to handle few redirects.

I am not a master at all when we talk about implementing a login system, tbh I relied all my career on third party tools and oAuth system.

Also I am following this video from the Code With Antonio channel that's focused on v5.

The thing is that when I try to check the content of req.auth in my middleware.ts that's passed to the auth function I always get the following even if the user is logged in. 
{
  message: 'There was a problem with the server configuration. Check the server logs for more information.',
  code: 'UntrustedHost'
}


The thing is that in my local dev env I have both the FE and BE under the http and even if I am able to load a certificate with the --experimental-https option in next dev, obviously this is still failing because I am making REST calls to an untrusted server.

I tryed to leverage the trustHost: false option in auth.js but the situation is getting even worst because I get redirected to the /api/auth/error endpoint for next-auth.

From the code example I rely on req.auth to check if user is logged in or not, but in this case the returned object is always set so to the app looks like the user is logged-in even though is not.

Can you help me figure out what's going on?

Thanks in advance guys
Was this page helpful?